The executive order was issued in February 2013 after months of debate in congress failed to get cyber security legislation in place.Like the UK, a large proportion of organisations responsible for critical national infrastructure, such as electrical power and water supplies, are private sector companies.

The executive order called for a framework that provides a “prioritised, flexible, repeatable, performance-based, and cost-effective approach” for assisting organisations responsible for critical infrastructure services to manage cyber security risk.

The official launch follows the publication of a draft framework in October 2013 and a 45-day period in which stakeholders were invited to give feedback.The framework outlines how companies can identify and protect network assets and detect, respond to and recover from cyber attacks and data breaches.

Some private US companies have expressed fears that the voluntary framework will create new liabilities, but the BSA said it will have a positive effect.

“This framework creates the conditions for a productive public-private partnership that will bolster cyber security while promoting innovation,” said Tim Molino, BSA government relations director.

“Nist has solicited input from industry and other public stakeholders to ensure the framework leverages and promotes best practices on a voluntary basis,” he said.

According to BSA, this approach acknowledges there are no silver bullet solutions to enhance cyber security.

“What we need instead is an ongoing process of innovation and adaptation to counter the evolving threat environment. It is a long journey, but we’re heading in the right direction,” said Molino.